Danger SomeRandomCat Security Configuration 2021

Last updated
Jan 31, 2021
How it's used?
For home and private use
Operating system
Windows 10
On-device encryption
Log-in security
Security updates
Check for updates and Notify
User Access Control
Never notify (disabled)
Smart App Control
Network firewall
N/A
Real-time security
Comodo - Firewall/Auto-Containment/HIPS - Most options enabled + Safe mode for Firewall/HIPS
- Application Vendor Rating disabled

Kaspersky Total Security - Security Network Cloud / AV (Or Cloud Security Free has same options that I use)

WiseVector (Coded to work alongside Kaspersky AV)

HitmanPro.Alert (Anti-Malware real-time protection disabled) All exploit protection enabled
Firewall security
About custom security
Many Microsoft services disabled using:
- Win 10 Tweaker (All options besides Windows update service, and Security center service)
- Device Security: Core Isolation Memory integrity on, and Exploit protection on.

Temp files run in RAM via ImDisk.

Manual MS Updates as deemed worthy (Using WuMgr). There have been instances in the past where MS updates actually brought on telemetry leaks, so I like to educate myself on each update before applying it.

VeraCrypt - System Encryption. Open source and technically audited/patched twice (Fork of TrueCrypt). I trust this much more than Bitlocker.

Notes:
- This is a personal statement, but I personally have a good amount of faith in Jetico, and am a fan of their Volume Encryption, especially since it works with TPM, but I am waiting for their release that includes the ability to double up on utilizing SSD hardware encryption + software encryption overlay before I purchase a license. SSD encryption has a history of having backdoors/security leaks, but since new versions have been 'patched' and it adds 0% bottleneck, using it underneath the software encryption just makes sense. Worst case the software encryption would still be effective, and best case it provides a second layer of encryption at no cost.

- When Comodo gets around to patching the disappearing rules bug, I will go back to explicitly configuring HIPS/Firewall rules to allow all safe/trusted applications to only be allowed to access exactly what they need to. My perceived benefit of fine-tuning every process so tightly would be that if any type of exploit were to somehow leak through, it would theoretically have a much harder time doing anything afterwards.
Right now I have it basically allow or deny using 'low alert' and 'safe mode'.
Periodic malware scanners
Kaspersky Total Security (Or Cloud Security Free)
WiseVector
HitmanPro
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Brave + uBlock Origin Extension. Brave 'Shields' set to aggressive/strict blocking with no issues on any sites I frequent.
Secure DNS
Pushed DNS from Torguard
Desktop VPN
TorGuard - Killswitch/Forced VPN
Password manager
Manual.
Maintenance tools
BCWipe:
- Free Space management (Wipe Free Space in Less Time with BCWipe 6.0 from Jetico | Jetico)
- Transparent Wiping (Transparent Wiping overview) Outstanding features by Jetico. I'm a big fan.

Total Uninstall Pro - On every new application install. I manually browse through the installation report and remove (and exclude from future scans) any entries related to security software. Once I got in the habit of this, it became second nature. Big fan of this software as well.

Macrium Reflect: After a fresh Windows install I imaged the system partition. I repeated this process after installing all drivers, again after running Blackbird/Win 10 Tweaker, again after installing all utility software (such as 7Zip, iCue, Notepad++, etc.), and again after installing security software. This allows me to easily revert back or between any of these images rapidly as I please.

Notes:
In the past I have used Shadow Defender, I am a big fan of that software as well and have a license for it, but choose not to use it for the time being, because I am too lazy to enter all the registry exceptions required to allow Kaspersky and Comodo to update without my intervention. Instead I use Reflect in the manner I described above and find it suits my tastes a bit better.
File and Photo backup
External HD for backups or important documents.
System recovery
Macrium Reflect (See maintenance section for more details).
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Browsing to unknown / untrusted / shady sites
    • Sharing and receiving files and torrents
    • Working from home
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
    • Downloading malware samples
Computer specs
Z170-Deluxe, 32 GB RAM, 1TB SSD EVO x 2, GTX 1070 ROG, i7-6700 4.0GHz +15% OC + Externals and Flash drives.
Notable changes
1. Added note: "Or Cloud Security Free"
2. Added details on Sandboxie, Brave, Windows Update GUI, Reflect, and 3. Comodo configuration that I left out the first time around.
4. Device Security: Core Isolation Memory integrity on, and Exploit protection on.
5. Disabled Comodo application vendor rating.
6. Stopped using Sandboxie, started using HitmanPro.Alert, and stopped using Blackbird (Blackbird is great, but I have a few small issues with it and the developer seems a bit MIA).
What I'm looking for?

Looking for medium feedback.

Notes by Staff Team
  1. This setup may cause performance issues, system instability or conflicts between programs, and can hinder the effectiveness of the installed antivirus products.
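The write-up above lists "Core Isolation Memory integrity on, and Exploit protection on" as part of the custom security. The following PowerShell is an added example, not code from the thread or from any poster, that reads those two states back from Windows 10 so the claim can be verified after a tweaker or imaging tool has been run. It assumes Windows 10 with the built-in ProcessMitigations module, and the function names and the baseline it checks against are this example's own.

```powershell
# Added example, not code from the thread. Reads back the "Device Security" state the
# configuration lists: Core Isolation / Memory integrity (HVCI) and Exploit Protection.
# Assumes Windows 10 with the built-in ProcessMitigations module; run from an elevated prompt.

function Get-MemoryIntegrityState {
    # Win32_DeviceGuard reports virtualization-based security (VBS) status.
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (the "Memory integrity" toggle).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    [pscustomobject]@{
        VbsRunning        = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        MemoryIntegrityOn = ($dg.SecurityServicesRunning -contains 2)
        CredentialGuardOn = ($dg.SecurityServicesRunning -contains 1)
    }
}

function Get-SystemExploitProtection {
    # System-wide defaults of the Exploit Protection mitigations; each value is ON, OFF or NOTSET.
    $m = Get-ProcessMitigation -System
    [pscustomobject]@{
        DEP             = $m.DEP.Enable
        BottomUpASLR    = $m.ASLR.BottomUp
        HighEntropyASLR = $m.ASLR.HighEntropy
        CFG             = $m.CFG.Enable
        SEHOP           = $m.SEHOP.Enable
    }
}

function Test-DeviceSecurityBaseline {
    # Compare the live state with what the write-up claims (HVCI on, nothing explicitly switched OFF).
    $vbs = Get-MemoryIntegrityState
    $ep  = Get-SystemExploitProtection
    $findings = @()
    if (-not $vbs.MemoryIntegrityOn) { $findings += 'Memory integrity (HVCI) is not running' }
    foreach ($name in 'DEP', 'BottomUpASLR', 'HighEntropyASLR', 'CFG', 'SEHOP') {
        if ("$($ep.$name)" -eq 'OFF') { $findings += "Exploit Protection: $name is OFF system-wide" }
    }
    if ($findings.Count -eq 0) { 'Baseline OK' } else { $findings }
}

Get-MemoryIntegrityState
Get-SystemExploitProtection
Test-DeviceSecurityBaseline
```

NOTSET means the Windows default applies (which is on for DEP, ASLR and SEHOP on 64-bit Windows 10), so only an explicit OFF is reported as a finding. Running the check after each of the Macrium Reflect image stages described above shows whether a tweaker or an installer has silently changed either setting.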

SomeRandomCat

Level 3
Thread author
Well-known
Dec 23, 2020
124
Bitlocker: I've never heard of anyone using Bitlocker's backdoor. I'm pretty sure only one case would be enough for Microsoft to lose its reputation.
Veracrypt was audited 5 years ago? Maybe I'm wrong but couldn't find a fresh audit.

I have no problem with unorthodox solutions but disabling services can cause serious issues.
Veracrypt is open-source so people can look over the code. One open-source code audit is more than Bitlocker has, which is none. It is a fork of TrueCrypt, which was also audited and the flaws were patched in the first VC releases, so that is technically two audits. I wasn't aware that Microsoft had a good reputation in the first place; since it's not open source, we cannot say that it does or doesn't have a backdoor.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,458
Nothing wrong really with VeraCrypt, and extra so after the genuine audits it went through. Bitlocker is something I personally avoid. There are too many reports about it being abused and possibly being used as a backdoor vector. Unless it already is.
Just because a feature is built into Windows, it does not automatically mean that it's inherently safe and secure. Otherwise there would never exist a need and market for 3rd party tools, for example to tweak Microsoft Defender etc.

But back more to the actual thread topic. My advice, if you @SomeRandomCat want another tag, is to listen to member @harlan4096 . He is the one that decides.
 

SomeRandomCat

Level 3
Thread author
Well-known
Dec 23, 2020
124
@upnorth , yeah, well, it is what it is. The WiseVector developer(s) have gone out of their way to make sure it works alongside Kaspersky, and enabling UAC would do nothing other than double up on alerts. Kaspersky has much better detection than Microsoft at this point.

A lot of people put a lot of faith in Microsoft, and that is just fine, but I firmly believe there are much better 3rd party options out there.
 

Nevi

Level 11
Verified
Top Poster
Well-known
Apr 7, 2016
537
As mentioned, a little overkill. You should only use one good real-time suite, and you got that covered with KTS, you should ditch Comodo IMO. You have got some good advice about the rest. Thanks for sharing. :)
 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
I'm not a fan of UAC & never have been. We used an almost identical idea, but a mechanical version, some years ago in a UK extremely confined industry & it was found that after a certain amount of time users pressed one of two big red buttons as a matter of course - it had to be changed. So many people whose PCs I've fixed were infected because they just pressed 'yes' without any understanding as to what they were doing. It works if you understand the implications of your actions, & if you do you probably don't need it. IMHO overrated.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,223
UAC is a nightmare. Disabling it can save the user a lot of time = a few seconds a week.:)

SomeRandomCat,
With the current setup, the UAC is not required. But this setup is overkill and probably more dangerous for many people than potential malware. Anyway, you can use it at your own risk (nothing wrong with it). You can learn a lot while using it.(y)

If you have a secure non-overkill setup, then UAC on max (Always notify) can prevent many popular UAC bypasses that rely on auto-elevate features. So, if you run your own trusted applications then simply ignore the UAC alert (do you have many such applications?). When you open a non-executable file (something that looks like a document, picture, movie, etc.) and can see the UAC alert then simply choose NO and think - why the hell does a document need Admin rights????

Please tell us which (only one) security application you want to keep for sure, and you can get some advice on how to build a non-overkill setup.:)(y)
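The post above contrasts the write-up's "Never notify (disabled)" with UAC on max (Always notify), the level at which Windows stops auto-elevating its own signed binaries. The PowerShell below is an added example, not Andy Ful's or anyone else's code from the thread: it decodes the three registry values behind the Windows 10 UAC slider so the actual level can be checked, and a second function sets the Always notify level. It assumes Windows 10; the function names and the level labels are this example's own.

```powershell
# Added example, not from the thread. Decodes the registry values behind the Windows 10 UAC
# slider and optionally raises it to "Always notify". Assumes Windows 10: reading works as a
# standard user, Set-UacAlwaysNotify needs an elevated prompt.

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    $p = Get-ItemProperty -Path $UacKey
    $enableLua = [int]$p.EnableLUA                   # 0 turns UAC off entirely (takes effect after reboot)
    $admin     = [int]$p.ConsentPromptBehaviorAdmin  # 0 = elevate silently, 2 = consent on secure desktop, 5 = default
    $secure    = [int]$p.PromptOnSecureDesktop       # 1 = prompt on the dimmed secure desktop

    $level = if ($enableLua -eq 0 -or $admin -eq 0) { 'Never notify' }
             elseif ($admin -eq 2 -and $secure -eq 1) { 'Always notify' }
             elseif ($admin -eq 5 -and $secure -eq 1) { 'Default: notify for non-Windows binaries' }
             elseif ($admin -eq 5 -and $secure -eq 0) { 'Notify, no secure desktop' }
             else { 'Custom' }

    [pscustomobject]@{
        Level                      = $level
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $admin
        PromptOnSecureDesktop      = $secure
        # Anything other than Always notify leaves some path to elevation without a consent prompt:
        # either UAC is off, or Windows' own auto-elevate binaries still elevate silently.
        SilentElevationPossible    = ($enableLua -eq 0 -or $admin -ne 2)
    }
}

function Set-UacAlwaysNotify {
    # Raise the slider to "Always notify". Only a change to EnableLUA needs a reboot.
    Set-ItemProperty -Path $UacKey -Name EnableLUA                  -Value 1 -Type DWord
    Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorAdmin -Value 2 -Type DWord
    Set-ItemProperty -Path $UacKey -Name PromptOnSecureDesktop      -Value 1 -Type DWord
    Get-UacLevel
}

Get-UacLevel
```

On the write-up's "Never notify" configuration the function reports SilentElevationPossible as true, which is the property Andy Ful's advice is about: with the slider anywhere below Always notify, an elevation that never shows a prompt is by design, so no amount of third-party real-time protection changes what the user would have been asked to approve.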
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,048
UAC is a nightmare. Disabling it can save the user a lot of time = a few seconds a week.:)

SomeRandomCat,
With the current setup, the UAC is not required. But this setup is overkill and probably more dangerous for many people than potential malware. Anyway, you can use it at your own risk (nothing wrong with it). You can learn a lot while using it.(y)

If you have a secure non-overkill setup, then UAC on max (Always notify) can prevent many popular UAC bypasses that rely on auto-elevate features. So, if you run your own trusted applications then simply ignore the UAC alert (do you have many such applications?). When you open a non-executable file (something that looks like a document, picture, movie, etc.) and can see the UAC alert then simply choose NO and think - why the hell does a document need Admin rights????

Please tell us which (only one) security application you want to keep for sure, and you can get some advice on how to build a non-overkill setup.:)(y)
He already said he needs the 3 apps for some reasons as stated on page 1

Comodo for auto-containment/FW/HIPS
KTS for its AV only
SB Plus for the browser use
 

SomeRandomCat

Level 3
Thread author
Well-known
Dec 23, 2020
124
@Spawn , Because the modules I leave active in KTS Paid are available in KSC Free. So, if someone (like me) has a license to KTS, then they can use that with the modules I listed, or if not, then they can just roll with KSC free.
 

SomeRandomCat

Level 3
Thread author
Well-known
Dec 23, 2020
124
The thing is, everything works perfectly together. I use Sandboxie for its ability to designate the sandbox location to a RamDisk, and only for my browser (as I stated above). WV works perfectly alongside KTS/KSC as well. Maybe overkill, but stable and smooth.
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,166
Hi Cat! I noticed that you had all of Comodo at "max settings". If this included the HIPS at the Paranoid level you may want to reevaluate and drop it to Safe Mode for two main reasons: first, Paranoid Mode must be an annoyance, and more importantly malware utilizing WMI can be so constructed that it will slice through aggressive HIPS and truly darken your day.

Other than that, nice setup!
 

SomeRandomCat

Level 3
Thread author
Well-known
Dec 23, 2020
124
Hi Cat! I noticed that you had all of Comodo at "max settings". If this included the HIPS at the Paranoid level you may want to reevaluate and drop it to Safe Mode for two main reasons: first, Paranoid Mode must be an annoyance, and more importantly malware utilizing WMI can be so constructed that it will slice through aggressive HIPS and truly darken your day.

Other than that, nice setup!
Yeah, I guess I should have gone into a bit more detail. I do use Safe Mode.


Perhaps it has been mentioned but how about a Password Manager?, great Config thanks for sharing. ;)
I have used them in the past, for now I virtualize* my browser in my RAM so it never writes to disk, and I type in all the passwords manually (only once per reboot, when the RAM wipes). This way there are never actually any passwords stored to disk cache. When the 'folderfication' software with encryption comes out I might play around with that and switch things up a bit, but for now typing them in doesn't bother me too much.
 

SomeRandomCat

Level 3
Thread author
Well-known
Dec 23, 2020
124
I went back through my configuration write-up and listed more details for most of the software I use, which better explains how I have everything configured and might alleviate some of your compatibility concerns. My setup might take a bit of fine-tuning compared to some others, and might be considered 'overkill', but it is extremely secure and extremely easy to use once configured the way I outlined.
 
